Hacking Windows RT and Surface RT to run desktop apps

A developer on the XDA Developers forum, known as clrokr, has figured out how to run unsigned applications on Windows RT (Windows on ARM), including Microsoft’s own-brand Surface RT device.

The technique is described here and involves patching the Windows kernel. Currently it is not possible to jailbreak Windows RT completely, because Secure Boot prevents tampering with the system files, but it can be done after booting by using the remote debugger:

The minimum signing level determines how good an executable’s signature is on a scale like this: Unsigned(0), Authenticode(4), Microsoft(8), Windows(12). The default value on x86 machines is of course 0 because you can run anything you like on your computer. On ARM machines, it defaults to 8. That means that even if you sign your apps using your Authenticode certificate, the Surface or any other Windows RT device (at this moment) will not run them. This is not a user setting, but a hardcoded global value in the kernel itself. It cannot be changed permanently on devices with UEFI’s Secure Boot enabled. It can, however, be changed in memory.

There is further discussion on the forum here. The technique is not practical for most users yet.

According to clrokr:

The decision to ban traditional desktop applications was not a technical one, but a bad marketing decision. Windows RT needs the Win32 ecosystem to strengthen its position as a productivity tool. There are enough “consumption” tablets already.

Personally I have mixed feelings about this. If I understand the concept correctly, Windows RT is meant to have iPad-like ease of use as well as excellent security. Configuring the operating system so that only code signed by Microsoft or Windows Store apps will run is a key part of the implementation. Surface RT is not as good as it should be, in part because there is too much old-style Windows, not too little.

On the other hand, the usefulness of Windows RT is limited by the absence of key apps. There are certain things missing, like the ability to play FLAC files, and until recently, an SSH terminal client (there is one now). Looking at the thread on XDA Developers, note that among the first things users are keen to port are putty (open source SSH client) and VLC (open source multimedia player).

That said, personally I would rather see suitable apps come to the Windows Store, rather than introduce all the problems and complexities of desktop Windows to Windows RT.

“Lets open up WinRT so it can run none-existent Windows desktop apps for ARM”

Granted, there will be many open source apps which can readily be ported, but that seems a lot of work to do something that a full x86 tablet can do natively, faster and not be limited to just a few ported apps.

I guess this is mostly down to the “because we can” line of thinking and it certainly highlights that WinRT still has security holes, which I suppose is a good thing to know.

I like WinRT for its simplicity, but suppose I want a Java or SML compiler/interpreter? If I had the ability to run Visual Studio 2012 on ARM devices, I would already have been owning one of them as it’s easier to carry around than a laptop and I would still be able to do some actual work on it.